
If you are using MikroTik routers, install the latest security patch, released to protect your network from cryptojacking malware through which an attacker gains much wider access and can literally steal all of your information and see the websites you are browsing, without your knowledge!
Here is the link: https://mikrotik.com/download
According to a report substantiated by researchers, around 415,000 MikroTik routers worldwide have been infected with cryptojacking malware, which allows hackers to secretly mine cryptocurrency by stealing the computing power of computers connected to the routers. The attack specifically affects MikroTik routers.
Initially, most of the compromised routers were concentrated in Brazil. However, according to the reports, the number of infected devices has expanded worldwide, including routers in North America, South America, Africa, Europe, the Middle East, and Asia.
What is cryptojacking?
Cryptojacking is a scheme to use people’s devices (computers, smartphones, tablets, or even servers), without their consent or knowledge, to secretly mine cryptocurrency on the victim’s dime. Instead of building a dedicated cryptomining computer, hackers use cryptojacking to steal computing resources from their victims’ devices. When you add all these resources up, hackers are able to compete against sophisticated cryptomining operations without the costly overhead.
If you’re a victim of cryptojacking, you may not notice. Most cryptojacking software is designed to stay hidden from the user, but that doesn’t mean it’s not taking its toll.
Most of us are more or less familiar with the term cryptocurrency: a form of digital currency that can be used in exchange for goods, services, and even real money. Users can “mine” it on their computer by using special programs to solve complex, encrypted math equations in order to gain a piece of the currency.
In a sense, cryptojacking is a way for cybercriminals to make free money with minimal effort. Cybercriminals can simply hijack someone else’s machine with just a few lines of code. This leaves the victim bearing the cost of the computations and electricity that are necessary to mine cryptocurrency, while criminals get away with the tokens.
The cryptojacking malware was first discovered in August and the number of affected routers has more than doubled since then. In August it was reported that around 200,000 routers were affected.
How does cryptojacking work?
Hackers were able to inject the Coinhive script into every webpage that a user visits by exploiting a security flaw in older versions of the router’s firmware. Coin mining on your own can be a long, costly endeavor. Elevated electricity bills and expensive computer equipment are major investments and key challenges to coin mining. The more devices you have working for you, the faster you can “mine” coins; because of the time and resources that go into coin mining, cryptojacking is attractive to cybercriminals.
There are a few ways cryptojacking can occur. One of the more popular ways is to use malicious emails that can install cryptomining code on a computer. This is done through phishing tactics. The victim receives a seemingly harmless email with a link or an attachment. When the victim clicks the link or downloads the attachment, it runs code that downloads the cryptomining script onto the computer. The script then works in the background without the victim’s knowledge.
Another way is through a web browser miner. In this method, hackers inject a cryptomining script on a website or in an ad that is placed on multiple websites. When the victim visits the infected website, or if the malicious ad pops up in the victim’s browser, the script automatically executes. In this method, no code is stored on the victim’s computer.
In both these instances, the code solves complex mathematical problems and sends the results to the hacker’s server while the victim is completely unaware.
MikroTik’s approach to resolving it
MikroTik is trying to enhance its security and released a patch within a day of the discovery of the malware. MikroTik customers are strongly advised to install the latest firmware immediately in order to protect their devices.
According to comments from Manish Kumawat, Director at Cryptus Cyber Security Pvt Ltd, an organisation that provides cyber security services and corporate training to government and private organisations, the compromised routers where the malware originated were located in Brazil. As the malware threat spread, routers in Africa, North America, South America, Europe, the Middle East and Asia were also observed to be infected. MikroTik routers have a large market, and many internet service providers and organizations use them. The spread of router infection to such a great extent shows that many of the organizations had not installed the latest router firmware.
The main relief with the cryptojacking attack was that it doesn’t compromise any personal information or transmit any over the network. Cryptojacking attacks are mainly used by hackers to exploit computing power and resources for mining cryptocurrency.
Ankush Johar, the Director at Infosec Ventures, an organisation that provides complete infrastructure security solutions for commercial and government clients of all sizes, commented that even though the patch has been released, it won’t be of much help because most standard users never care to update their routers even if they know how to. Router companies are slowly shifting to auto-updating frameworks, but that is a meta shift which won't happen so quickly, and till then router exploits will be as deadly as any other hardware-based exploit, as the majority of users will stay vulnerable for years to come.
Once a router gets hacked or exploited, cryptojacking is only one possible attack scenario. In real life, an attacker gets much wider access and can literally steal all of the users' information and see the websites they are browsing.
Users are advised to update their router by logging into the router's admin panel and clicking on firmware update or router update.
How to detect cryptojacking
As with any other malware infection, there are some signs you may be able to notice on your own.
Symptoms of cryptojacking
High processor usage on your device
Sluggish or unusually slow response time
Overheating of your device
How to prevent cryptojacking
A strong internet security software suite can help block cryptojacking threats.
In addition to using security software and educating yourself on cryptojacking, you can also install ad-blocking or anti-cryptomining extensions on web browsers for an extra layer of protection. As always, be sure to remain wary of phishing emails, unknown attachments and dubious links.